Mike West
works and plays on the internet. Currently working as a Developer
Advocate on Google's Chrome team in Munich, he helps develop websites
and applications that (on good days) delight and inform. Drop me an
email at
mike@mikewest.org
follow me on
Twitter
or circle me on
Google+

5 articles and links tagged with “xss”

I had the distinct pleasure of talking with folks at this year’s CSSConf EU about the dangers of content-injection attacks. They’re not just for JavaScripters, you see: CSS is dangerous too! They’ve just posted the video, and I think it’s worth a little under a half-hour of your time to skim through.

Last week, I was in Zürich to chat about client-side security. Here, I’ve wrapped up an annotated transcript, along with the slides and video. I’m pretty happy with how the talk turned out: I think it’s a good representation of what I think is important in frontend security, and worth your time to peruse.

At the end of last year, I presented ‘Securing the Client Side’ at Devoxx, and I’ve been meaning to put together a more accessible version of the talk for those who weren’t there. I think the topics are important, and worth the effort of updating this site for the first time in a year. cough.

The web’s security model is fundamentally broken, and has been since the beginning. Content Security Policy is an upcoming feature of the web platform that promises to mitigate the risk of XSS attacks, and it’s worth starting to play with now.

Yesterday, Yahoo! made some announcements regarding The Future™ of many of their high profile properties. Specifically, they’re (slowly) opening up, enabling third-party developers to build applications that can be seen on and interact with your My Yahoo! page, or your mailbox. I think this is a great step, and one I wish they’d made before they laid me off.